From 6548078271cf381fe4c0340d8cf49598303c6c73 Mon Sep 17 00:00:00 2001 From: Chenbo Feng Date: Fri, 8 Feb 2019 15:53:02 -0800 Subject: [PATCH] ANDROID: Turn xt_owner module on Once xt_qtaguid module is deprecated, the netd strictController which uses owner match to filter egress traffic will not work because xt_qtaguid masquerades as (and implements/extends) the "owner" module on android devices. It can be resolved by turning upstream xt_owner module back on since strictController only targets egress traffic and the upstream xt_owner module works fine in this case. Signed-off-by: Chenbo Feng Bug: 79938294 Test: manual cherry-pick and compile Change-Id: Ia099db025f17f6042384c9f0caf7b941a40b8b84 --- arch/arm64/configs/cuttlefish_defconfig | 1 + arch/x86/configs/x86_64_cuttlefish_defconfig | 1 + 2 files changed, 2 insertions(+) diff --git a/arch/arm64/configs/cuttlefish_defconfig b/arch/arm64/configs/cuttlefish_defconfig index d74af2e0e4b1..87a90ea32c2d 100644 --- a/arch/arm64/configs/cuttlefish_defconfig +++ b/arch/arm64/configs/cuttlefish_defconfig @@ -143,6 +143,7 @@ CONFIG_NETFILTER_XT_MATCH_LENGTH=y CONFIG_NETFILTER_XT_MATCH_LIMIT=y CONFIG_NETFILTER_XT_MATCH_MAC=y CONFIG_NETFILTER_XT_MATCH_MARK=y +CONFIG_NETFILTER_XT_MATCH_OWNER=y CONFIG_NETFILTER_XT_MATCH_POLICY=y CONFIG_NETFILTER_XT_MATCH_PKTTYPE=y CONFIG_NETFILTER_XT_MATCH_QUOTA=y diff --git a/arch/x86/configs/x86_64_cuttlefish_defconfig b/arch/x86/configs/x86_64_cuttlefish_defconfig index 35c800c4bb40..e889c64f64f8 100644 --- a/arch/x86/configs/x86_64_cuttlefish_defconfig +++ b/arch/x86/configs/x86_64_cuttlefish_defconfig @@ -147,6 +147,7 @@ CONFIG_NETFILTER_XT_MATCH_LENGTH=y CONFIG_NETFILTER_XT_MATCH_LIMIT=y CONFIG_NETFILTER_XT_MATCH_MAC=y CONFIG_NETFILTER_XT_MATCH_MARK=y +CONFIG_NETFILTER_XT_MATCH_OWNER=y CONFIG_NETFILTER_XT_MATCH_POLICY=y CONFIG_NETFILTER_XT_MATCH_PKTTYPE=y CONFIG_NETFILTER_XT_MATCH_QUOTA=y